Home | Docs | Forums | Lists | Bugs | Planet | Store | GMN | Get Gentoo!
Not eligible to see or edit group visibility for this bug.
View Bug Activity | Format For Printing | XML | Clone This Bug
configure: ClamAV version 0.90 detected. configure: Using scanner /usr/bin/clamdscan configure: Using scanner options --disable-summary --stdout configure: Using virus signature file dir /var/lib/clamav configure: Signature version reporting is off. configure: Scanner name adding is on. configure: Using temporary directory /var/tmp/portage/mail-filter/clamassassin-1.2.3/temp configure: Subject header rewriting is on: *****VIRUS***** configure: creating ./config.status config.status: creating clamassassin config.status: creating Makefile >>> Source compiled. --------------------------- ACCESS VIOLATION SUMMARY --------------------------- LOG FILE = "/var/log/sandbox/sandbox-mail-filter_-_clamassassin-1.2.3-26024.log" open_wr: /var/lib/clamav/.dbLock open_wr: /var/lib/clamav/.dbLock -------------------------------------------------------------------------------- #emerge --info Portage 2.1.2-r9 (default-linux/x86/2006.0, gcc-4.1.1, glibc-2.5-r0, 2.6.18-gentoo-r6 i686) ================================================================= System uname: 2.6.18-gentoo-r6 i686 AMD Athlon(tm) XP 1800+ Gentoo Base System release 1.12.9 Timestamp of tree: Wed, 28 Feb 2007 01:50:01 +0000 distcc 2.18.3 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [enabled] ccache version 2.4 [enabled] dev-java/java-config: 1.3.7, 2.0.31 dev-lang/python: 2.4.3-r4 dev-python/pycrypto: 2.0.1-r5 dev-util/ccache: 2.4-r6 sys-apps/sandbox: 1.2.17 sys-devel/autoconf: 2.13, 2.61 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10 sys-devel/binutils: 2.16.1-r3 sys-devel/gcc-config: 1.3.14 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.17-r2 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-march=athlon-xp -O2 -pipe -fomit-frame-pointer" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /opt/openjms/config" CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/java-config/vms/ /etc/revdep-rebuild /etc/terminfo" CXXFLAGS="-march=athlon-xp -O2 -pipe -fomit-frame-pointer" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig buildpkg ccache collision-protect distcc distlocks fixpackages metadata-transfer parallel-fetch sandbox sfperms strict userfetch userpriv usersandbox" GENTOO_MIRRORS="http://ftp.club-internet.fr/pub/mirrors/gentoo/ http://mirror.ovh.net/gentoo-distfiles/ http://ftp.belnet.be/mirror/rsync.gentoo.org/gentoo/ http://distfiles.gentoo.org http://www.ibiblio.org/pub/Linux/distributions/gentoo/" LANG="en_US.ISO-8859-15" MAKEOPTS="-j3" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_EXTRA_OPTS="--human-readable" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage /usr/portage/local/layman/sunrise" SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage" USE="apache2 apm arts bash-completion berkdb bitmap-fonts bzip2 caps clamd cli cracklib crypt cups curl dri eds emboss encode enscript esd expat fam foomaticdb fortran gd gdbm gif gmp gstreamer gtk2 iconv imlib isdnlog javamail jbig jms jmx jpeg libg++ libwww logrotate mad maildir midi mikmod mp3 mpeg ncurses nls nptl nptlonly ogg opengl oss pam pcre pic png pppd python qt3 qt4 quicktime readline reflection ruby sasl session spl sqlite ssl tcpd threads tiff truetype truetype-fonts type1-fonts vhosts vorbis x86 xml xml2 xorg xv zlib" ALSA_CARDS="emu10k1" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" USERLAND="GNU" VIDEO_CARDS="nvidia" Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, LDFLAGS, LINGUAS
Same bug here... My emerge --info : Portage 2.1.2.2 (default-linux/amd64/2006.1/desktop, gcc-4.1.2, glibc-2.5-r1, 2.6.20-gentoo-r3 x86_64) ================================================================= System uname: 2.6.20-gentoo-r3 x86_64 Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz Gentoo Base System release 1.12.9 Timestamp of tree: Fri, 23 Mar 2007 18:20:01 +0000 distcc 2.18.3 x86_64-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled] dev-java/java-config: 1.3.7, 2.0.31-r5 dev-lang/python: 2.4.4 dev-python/pycrypto: 2.0.1-r5 sys-apps/sandbox: 1.2.18.1 sys-devel/autoconf: 2.13, 2.61 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10 sys-devel/binutils: 2.17 sys-devel/gcc-config: 1.3.15-r1 sys-devel/libtool: 1.5.23b virtual/os-headers: 2.6.20-r2 ACCEPT_KEYWORDS="amd64 x86 ~amd64 ~x86" AUTOCLEAN="yes" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-O2 -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config /var/bind" CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/java-config/vms/ /etc/php/apache1-php5/ext-active/ /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo /etc/texmf/web2c" CXXFLAGS="-O2 -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig buildpkg distlocks metadata-transfer sandbox sfperms strict" GENTOO_MIRRORS="http://ftp.belnet.be/mirror/rsync.gentoo.org/gentoo/ ftp://ftp.belnet.be/mirror/rsync.gentoo.org/gentoo/ http://gentoo.modulix.net/gentoo/ http://ftp.club-internet.fr/pub/mirrors/gentoo ftp://gentoo.imj.fr/pub/gentoo/ ftp://ftp.free.fr/mirrors/ftp.gentoo.org/ " LANG="fr_FR.UTF-8" LC_ALL="fr_FR.UTF-8" LINGUAS="fr" MAKEOPTS="-j3" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/portage/local/layman/marineam-xen /usr/portage/local/layman/aross /usr/local/portage" SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage" USE="X acpi alsa amd64 apache2 bcmath berkdb bitmap-fonts bzip2 cairo calendar cdr cli cracklib crypt ctype cups dbus doc dri dvd dvdr dvdread eds emboss encode esd fam ffmpeg filter firefox fortran ftp gd gdbm gif gpm gstreamer gtk2 hal iconv imap inifile ipv6 isdnlog java jpeg kde lame libg++ libwww mad maildir midi mikmod mp3 mpeg mplayer mpm-threadpool mysql mysqli ncurses nls nptl nptlonly nsplugin ogg opengl oss pam pcntl pcre pdf perl png posix ppds pppd python qt3 qt4 quicktime readline reflection sasl sdl sensord session simplexml sockets spell spl sqlite ssl tcpd threads tidy truetype truetype-fonts type1-fonts unicode vda vorbis wifi xine xml xmlreader xmlrpc xmlwriter xorg xsl xv xvid zip zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="fr" USERLAND="GNU" VIDEO_CARDS="fglrx radeon" Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LDFLAGS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Created an attachment (id=114181) [details] Patch which correct the sandbox violation This patch correct the sandbox violation by disabling the verification of the current virus database of ClamAV, which cause the violation trying to access the database in /var/lib bypassing the sandbox.
Created an attachment (id=114182) [details] Ebuild to merge clamassassin with the patch I submit
Seems to me that "addpredict" could be better than a patch in this case. Correct path to the lock file needs to be extracted from clamd.conf though (directive DatabaseDirectory). After stracing clamscan, I can see that it continues to scan even if the lock file can't be created (run by regular user, who doesn't have write access to DatabaseDirectory). I guess using "adddeny" would be even better here, so the merge process doesn't touch the live system. Tom?
I don't understand... Under the sandboxshell, there is no violation, even if I call src_compile as emerge do. Any idea ?
I get the same problem on amd64. I'm not sure it should be keyworded stable on amd64 with this issue.
I've added code which gets correct DatabaseDirectory from clamd.conf, and adds an appropriate addpredict call, so sandbox doesn't bomb out because of this. Please sync in few hours and give the new 1.2.3 a try.
(In reply to comment #7) > I've added code which gets correct DatabaseDirectory from clamd.conf, and adds > an appropriate addpredict call, so sandbox doesn't bomb out because of this. I still get a sandbox violation, but for /var/lib/clamav/main.inc/.dbLock (open_wr). # md5sum /usr/portage/mail-filter/clamassassin/clamassassin-1.2.3.ebuild b766dd71620ac287719834db8fcc28cb
Hm, interesting - I didn't know that more locations are tried. Anyway, I've added an addpredict call for whole DatabaseDirectory, so it should catch every attempt now.
resolved fixed i think :)
Great! :)
Should'nt it be RESOLVED FIXED instead of CLOSED TEST-REQUEST ? (not that i realy care... but it sound weird to me;)
Yes, it should, but noone really cares, and the only important thing is that both RESOLVED and CLOSED bugs disappear from results of saved searches developers set up - for example, this bug no longer shows up on my "net-mail bugs" search. :)
